compliance officers’ workshop

24th January 2007 Craigcrook Management Services 1

COMPLIANCE OFFICERS’ WORKSHOP

MiFID – Systems and Controls


MiFID

• Agenda

• Overview

• Areas Applicable:

• General Organisation including Business Continuity

• Employees including Senior Managers


MiFID

• Agenda

• Compliance and Internal Audit

• Risk Controls

• Outsourcing

• Record Keeping

• Conflicts of Interest

• Deilverables included in your pack


MiFID

• Overview• Common Platform• Super equivalence• Remember proportionality• New SYSC Rulebook• Commencement – 1st January 2007 for

CRD firms and 1st November 2007 for MiFID firms


MiFID

• General Organisation• Tightening of requirements and increased

Senior Management responsibilities compared to SYSC 3

• Requirements are:• Robust Governance;• Sound decision making;• Clear and effective Organisational structure;


MiFID

• General Organisation

• Adequate Internal Controls;

• Effective Internal communication (MI);

• Adequate safeguards for the security, integrity and confidentiality of information

• Accounting – unified standard

• Obligation of continuous Monitoring


MiFID


• Formal Verification of Compliance with the Regulatory System -

• Very much only under consideration at the moment

• Retain guidance on the Audit Committee

• Business Continuity


MiFID


• MiFID requirements wider

• Require planning for an “interruption” to business activities

• FSA Policy on the responsibilities of Senior Managers under review

• Likely to increase


MiFID

• Employees• FSA will require:• Awareness of procedures;• Segregation of duties;• Employees to be competent and have the

appropriate skills, knowledge and expertise;• Firms to monitor both their systems and

individual employees on a ongoing basis


MiFID

• Compliance

• Creation of a good Compliance culture a priority

• Compliance to be independent (unless disproportionate)

• However, then a test of effectiveness applies


MiFID

• Compliance

• Regular Monitoring Programme

• Effective Policies and procedures

• Identification of Risks if non compliant

• Compliance Officer to report to Board


MiFID

• Internal Audit• Viewed as part of the Compliance

arrangements• Must be separate from Compliance and/or

Risk• Internal Auditor responsible for audit plan

and verifying compliance with recommendations


MiFID

• Internal Audit

• Internal Audit review of Compliance?


MiFID

• Risk

• Guidance replaced with High Level Rules

• Covers all employees

• Risk Management Strategy covering:

• Risk assessment;

• Sets the level of Risk tolerance;

• Risk management arrangements;


MiFID

• Risk

• Create Risk strategies and policies;

• Regular Monitoring of compliance;

• Provision of Reports to Board (MI)

• Risk function to be independent of Compliance and Internal Audit

• Internal Auditor to review Risk function


MiFID

• Risk

• For Firms also subject to the CRD the following will also be part of the Risk Management Strategy:

• Credit and Counterparty Risk;

• Residual Risk;

• Market Risk;


MiFID

• Risk

• Operational Risk covering identification, management, monitoring and reporting of operating risks including low frequency high severity risks


MiFID

• Outsourcing

• MiFID requirements apply to outsourcing of critical or important functions

• Will apply to all firms activities

• Outsourcing must not:

• Impair Internal Control;

• Ability of FSA to supervise Firm;


MiFID

• Outsourcing

• Result in the delegation by Senior Managers of their responsibility;

• Relationship with clients must not be altered;

• A series of conditions set out in SYSC 8.1.8 must be fulfilled (see pack)


MiFID

• Record Keeping

• Documents to be retained for a minimum of 5 years

• Little change here

• Taped Telephone Conversations to be retained for 1 year


MiFID

• Conflicts of Interest

• A recurring theme in MiFID

• Of huge interest to FSA

• Refer to “Dear CEO” Letters of November 2005

• Applies to all categories of clients

• Disclosure is no longer the default position


MiFID

• Conflicts of Interest• Firm must have a written Conflicts policy• Firms to identify potential conflicts and

how these are to be managed• Also applies to Conflicts that employees

might have or cause the firm to have• Firm should create appropriate procedures

to manage Conflicts


MiFID

• Conflicts of Interest• Examples when Disclosure not an

appropriate measure:• Firms trades as a principal and has advisory

or discretionary clients;• Firm is advising an issuer and has advisory

or discretionary clients interested in investing in the offer;


MiFID

• Conflicts of Interest• Firms clients have competing interests;• Conflicts affecting retail clients• Disclosure appropriate only in limited

circumstances affecting professional clients• When a firm is a member of a Group the

interests of other parts of the Group need to be considered


MiFID

• Conclusion• Increased documentation and procedures• Greater responsibilities for Senior Managers• Greater Responsibility for Compliance

Officer and Internal Auditor• Mostly revised policies but some IT

implications• Especially the need for greater MI


MiFID

William Macdonald

Managing Director

Craigcrook Management Services

198 Craigcrook Road, Edinburgh

Tel: 0131-312-7501 Mobile:07889-534743

Email: [email protected]